Any howto on "No listing and greylisting"
- Thread starter pluk
- Start date
I'll read and make sure everything is correct. Many thanks!
floyd
Verified User
- Joined
- Mar 29, 2005
- Messages
- 6,271
I would and do.
I have right now...
ftp A xxx.xxx.xxx.11
domain.com. A xxx.xxx.xxx.11
localhost A 127.0.0.1
mail A xxx.xxx.xxx.11
ns1.domain.com. A xxx.xxx.xxx.11
ns2.domain.com. A xxx.xxx.xxx.12
pop A xxx.xxx.xxx.11
www A xxx.xxx.xxx.11
domain.com. NS ns1.domain.com.
domain.com. NS ns2.domain.com.
mail MX 10
domain.com. TXT "v=spf1 a mx ip4:xxx.xxx.xxx.11 ?all"
do I just change to...
none1.domain.com MX 10
mail.domain.com MX 20
none2.domain.com MX 30
where I just leave none1 and none2 without any A record to point to no where?
I have everything in the same box. everyone is sharing xxx.xxx.xxx.13 for their hosting.
Any good of the above?
ftp A xxx.xxx.xxx.11
domain.com. A xxx.xxx.xxx.11
localhost A 127.0.0.1
mail A xxx.xxx.xxx.11
ns1.domain.com. A xxx.xxx.xxx.11
ns2.domain.com. A xxx.xxx.xxx.12
pop A xxx.xxx.xxx.11
www A xxx.xxx.xxx.11
domain.com. NS ns1.domain.com.
domain.com. NS ns2.domain.com.
mail MX 10
domain.com. TXT "v=spf1 a mx ip4:xxx.xxx.xxx.11 ?all"
do I just change to...
none1.domain.com MX 10
mail.domain.com MX 20
none2.domain.com MX 30
where I just leave none1 and none2 without any A record to point to no where?
I have everything in the same box. everyone is sharing xxx.xxx.xxx.13 for their hosting.
Any good of the above?
floyd
Verified User
- Joined
- Mar 29, 2005
- Messages
- 6,271
The have to have valid A records pointing to valid ip addresses. But those ip addresses should not be listening on port 25.
Possible to outline me the syntax to close the port 25? I'll forward both none1 and none2 to IP xxx.xxx.xxx.14 (which is free, no one using it). Need to close that port 25 on it. something in iptables???
iptables -I INPUT -i eth0 -s xxx.xxx.xxx.14 -p tcp --dport 25 - j DROP
Would this be good?
Where do we edit so that it can be set everytime we restart the machine?
iptables -I INPUT -i eth0 -s xxx.xxx.xxx.14 -p tcp --dport 25 - j DROP
Would this be good?
Where do we edit so that it can be set everytime we restart the machine?
Last edited:
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Read the information at http://www.nolisting.org
There's sample iptables code there.
To make sure it starts every time you restart the server put it (on it's own line) in your server's rc.local file.
Jeff
There's sample iptables code there.
To make sure it starts every time you restart the server put it (on it's own line) in your server's rc.local file.
Jeff
interfasys
Verified User
So, all a spammer has to do is do 2 passes, one for each MX or go straight for the 2nd MX...
Is this happening?
Is this happening?
scsi
Verified User
- Joined
- Aug 19, 2008
- Messages
- 4,527
So? Its not meant to be 100% fool proof but it will discourage some automated bots from sending you junk. Usually when scanning netblocks when an ip doesnt respond to the port open request it will just go to the next ip address instead. I think its worth it as a step to remove some spam.
interfasys
Verified User
It works surprisingly well...I mostly get wrong FQDN in my logs now and the occasional blocklist hit.